This notification was sent to current clients in your system that approach ADP Netsecure.

As always, thank you for choosing ADP as your business partner!

Note ID: 33400

The link goes through a legitimate hacked site and then onto a malware landing page at [donotclick]abrakandabr.ru:8080/adp.report.php (if running Windows, else they get sent to adp.com). This is hosted on quite a lot of IP addresses:

As mentioned before, this is either the return of the infamous RU:8080 gang, or it is somebody pretending to be the gang. But one rather peculiar factor is that in this case the bad guys only seem to have a small pool of servers that have been compromised for some time, and don't seem to have added any news ones.